CVE-2011-4030
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
Vendor advisory: cve@mitre.org — http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
Vendor advisory: cve@mitre.org — http://plone.org/products/plone-hotfix/releases/20110928
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| plone | cmfeditions | 2.0a1 | |
| plone | cmfeditions | 2.0b1 | |
| plone | cmfeditions | 2.0b2 | |
| plone | cmfeditions | 2.0b3 | |
| plone | cmfeditions | 2.0b4 | |
| plone | cmfeditions | 2.0b5 | |
| plone | cmfeditions | 2.0b6 | |
| plone | cmfeditions | 2.0b7 | |
| plone | cmfeditions | 2.0b8 | |
| plone | cmfeditions | 2.0b9 | |
| plone | plone | 4.0 | |
| plone | plone | 4.0.1 | |
| plone | plone | 4.0.2 | |
| plone | plone | 4.0.3 | |
| plone | plone | 4.0.4 | |
| plone | plone | 4.0.5 | |
| plone | plone | 4.0.6.1 | |
| plone | plone | 4.0.7 | |
| plone | plone | 4.0.8 | |
| plone | plone | 4.0.9 | |
| plone | plone | 4.1 | |
| plone | plone | 4.2 | |
| plone | plone | 4.2a1 | |
| plone | plone | 4.2a2 | |
References
- http://plone.org/products/plone-hotfix/releases/20110928
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- http://secunia.com/advisories/46323
- http://www.securityfocus.com/bid/50287
- https://nvd.nist.gov/vuln/detail/CVE-2011-4030
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.